Centralized Logging

Transcript of Centralized Logging

Making the logs work for you

Managing the logs

Why centralized logging

Logs are a critical part of any system: they give you insight into what the system is doing.

Getting the logs

Virtually every running process generates a log in some form.

LOG WRANGLIN' - MAKING LOGS WORK FOR YOU

- Reduce time spent searching through logs to find something specific.
- Get automatic alerts for log anomalies.
- Allow access to certain logs to certain people.
- Be a DevOps ALL STAR!

- Do you need to normalize the logs?
- Do you need to remove sensitive data?
- Do you just need to pull stats from the logs?
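The three questions above map onto three small steps. As an added example written for this page (not code from the original deck), here is a Python pipeline that normalizes BSD-style syslog lines into flat records, scrubs sensitive data out of the message before it is shipped anywhere, and pulls a few counts out of the result. The sample lines, the year supplied for RFC 3164 timestamps (which carry none), and the redaction rules are all constructed assumptions for illustration; a real deployment would tune them to its own log sources.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in BSD syslog (RFC 3164) style; not taken from a real system.
SAMPLE_LINES = [
    "Mar 12 10:15:01 web01 sshd[2231]: Accepted password for alice from 203.0.113.7 port 51422 ssh2",
    "Mar 12 10:15:03 web01 app[4410]: login ok user=alice@example.com token=eyJhbGciOiJIUzI1NiJ9.abc.def",
    "Mar 12 10:16:44 db02 sshd[990]: Failed password for root from 198.51.100.23 port 40022 ssh2",
    "Mar 12 10:16:45 db02 sshd[990]: Failed password for root from 198.51.100.23 port 40023 ssh2",
    "this line is not syslog at all",
]

# "Mon DD HH:MM:SS host program[pid]: message"; RFC 3164 timestamps carry no year.
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Hypothetical redaction rules: things that should never reach a shared log store.
# Order matters: the key=value rule runs last so it also swallows secrets that
# happen to contain an '@' and were partly rewritten by the e-mail rule.
REDACTIONS = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    (re.compile(r"\b(token|password|passwd|secret)=\S+", re.IGNORECASE), r"\1=<redacted>"),
]

FAILED_LOGIN_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")


def normalize(line, year=2024):
    """Turn one raw syslog line into a flat dict with typed fields.
    Lines that do not parse are kept and flagged, so nothing is silently lost."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"raw": line, "parse_error": True}
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "timestamp": ts.isoformat(),
        "host": m["host"],
        "program": m["prog"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


def scrub(event):
    """Remove sensitive data before the event is shipped or indexed.
    Unparsed lines are scrubbed too: they may still hold secrets."""
    key = "raw" if event.get("parse_error") else "message"
    text = event[key]
    for pattern, replacement in REDACTIONS:
        text = pattern.sub(replacement, text)
    return {**event, key: text}


def stats(events):
    """Pull simple counts out of normalized events: volume per host and program,
    failed SSH logins per source address, and how many lines did not parse
    (a rising number there usually means a log format changed under you)."""
    by_host, by_program, failed = Counter(), Counter(), Counter()
    unparsed = 0
    for event in events:
        if event.get("parse_error"):
            unparsed += 1
            continue
        by_host[event["host"]] += 1
        by_program[event["program"]] += 1
        m = FAILED_LOGIN_RE.search(event["message"])
        if m:
            failed[m["src"]] += 1
    return {
        "by_host": dict(by_host),
        "by_program": dict(by_program),
        "failed_logins_by_source": dict(failed),
        "unparsed": unparsed,
    }


def process(lines):
    """normalize -> scrub, in that order, so redaction runs on the parsed message."""
    return [scrub(normalize(line)) for line in lines]


if __name__ == "__main__":
    events = process(SAMPLE_LINES)
    for event in events:
        print(event)
    print(stats(events))
```

Scrubbing happens on the shipping side on purpose: once a token or address is indexed in a central store that many people can search, it is already leaked. The parse-error counter is the check worth alerting on, since a sudden jump means the normalizer and the real log format have drifted apart.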

GUIs

Log Retrieval

- File Replication
- Syslog
- Distributed Log Collectors

File Replication

A simple approach is to set up replication of your logs via rsync + cron. Most systems have some sort of rsync / scp / sftp client.

Pros:
- Easy to set up
- Exact copies of your logs
- Logs sent through secure channels

Cons:
- Timely access to data (logs only arrive when the cron job runs)
- No aggregation

Syslog

Syslog is likely already installed on the majority of systems (Windows excluded). Most people are familiar with rsyslog or syslog-ng.

Pros:
- Highly configurable
- Available on most distros
- Windows versions available

Cons:
- Not all OSes supported natively
- Default settings can lead to dropped messages (for example, forwarding over UDP)
- Limited number of categories (facilities)
- Not all apps can use syslog

Distributed Log Collectors

High volume / high throughput log and event collection. Most of these are event streaming and processing systems.

Examples:
- Logstash - log shipping / parsing and indexing
- Graylog - A UI for searching and analyzing logs. Also provides the GELF (Graylog Extended Log Format) logging format to overcome some syslog limitations.
- fluentd - Similar to Logstash, small footprint
- Flume - Apache project for collecting, aggregating and moving log data.
- Scribe - Created and used by Facebook.
- Kafka - Developed by LinkedIn for their activity stream processing. Not ideal for logs but can be used.

Troubleshooting!

Logstash

"logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching)."

Input -> Filter -> Output

Inputs include: amqp, drupal_dblog, elasticsearch, eventlog, exec, file, ganglia, gelf, gemfire, generator, graphite, heroku, imap, irc

Example output section sending events to Graylog over GELF (stdout output left commented out for debugging):

    output {
      #stdout {}
      gelf {
        facility => "logstash-gelf"
        host => '192.168.230.5'
      }
    }
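The Logstash gelf output above hides what actually crosses the wire. As an added example written for this page (not Graylog's or Logstash's own code), here is the GELF 1.1 message format in Python: building the JSON document with the "_"-prefixed additional fields that let GELF carry structured data syslog cannot, gzipping it, and splitting it into the chunked UDP datagrams Graylog expects when a message exceeds one datagram, plus the receiver-side reassembly so the round trip can be checked offline. The target address reuses the slide's 192.168.230.5 and assumes Graylog's default GELF UDP port 12201; the event contents are constructed.

```python
import gzip
import json
import os
import socket
import time

GELF_MAGIC = b"\x1e\x0f"   # chunk header magic; an unchunked gzip datagram starts with 1f 8b instead
CHUNK_HEADER = 12          # 2 magic + 8 message id + 1 sequence number + 1 sequence count
MAX_CHUNK = 8192           # largest datagram Graylog accepts per chunk
MAX_CHUNKS = 128           # sequence count is one byte and the spec caps it at 128

SYSLOG_LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
                 "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_gelf(host, short_message, level="info", full_message=None,
               timestamp=None, **extra):
    """Build a GELF 1.1 dict. Extra keyword arguments become '_'-prefixed
    additional fields, which is how GELF carries structured data that syslog
    would have to cram into the message text."""
    if not host or not short_message:
        raise ValueError("GELF requires host and short_message")
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": SYSLOG_LEVELS[level] if isinstance(level, str) else int(level),
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved by Graylog and would be dropped")
        msg["_" + key] = value
    return msg


def encode_gelf(msg):
    """Serialise and gzip: the compressed form is what goes on the wire."""
    return gzip.compress(json.dumps(msg).encode("utf-8"))


def decode_gelf(payload):
    return json.loads(gzip.decompress(payload).decode("utf-8"))


def chunk_gelf(payload, max_chunk=MAX_CHUNK, message_id=None):
    """Split a payload that exceeds one datagram into GELF chunks."""
    if len(payload) <= max_chunk:
        return [payload]
    body = max_chunk - CHUNK_HEADER
    count = -(-len(payload) // body)            # ceiling division
    if count > MAX_CHUNKS:
        raise ValueError(f"message needs {count} chunks, GELF allows {MAX_CHUNKS}")
    message_id = message_id or os.urandom(8)    # unique per message, shared by its chunks
    if len(message_id) != 8:
        raise ValueError("GELF message id must be exactly 8 bytes")
    return [GELF_MAGIC + message_id + bytes([seq, count]) + payload[seq * body:(seq + 1) * body]
            for seq in range(count)]


def reassemble_chunks(datagrams):
    """Receiver side: put chunks back together regardless of arrival order."""
    if len(datagrams) == 1 and not datagrams[0].startswith(GELF_MAGIC):
        return datagrams[0]                     # unchunked message
    parts, message_id, total = {}, None, None
    for d in datagrams:
        if not d.startswith(GELF_MAGIC) or len(d) < CHUNK_HEADER:
            raise ValueError("not a GELF chunk")
        this_id, seq, count = d[2:10], d[10], d[11]
        if message_id is None:
            message_id, total = this_id, count
        elif this_id != message_id or count != total:
            raise ValueError("chunk belongs to a different message")
        parts[seq] = d[CHUNK_HEADER:]
    if len(parts) != total:
        raise ValueError(f"have {len(parts)} of {total} chunks")
    return b"".join(parts[seq] for seq in range(total))


def send_gelf_udp(msg, addr=("192.168.230.5", 12201)):
    """Fire-and-forget over UDP, like the slide's Logstash gelf output."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for datagram in chunk_gelf(encode_gelf(msg)):
            sock.sendto(datagram, addr)
    finally:
        sock.close()


if __name__ == "__main__":
    event = build_gelf("db02", "Failed password for root from 198.51.100.23",
                       level="warning", facility="sshd", src_ip="198.51.100.23")
    print(json.dumps(event, indent=2))
    # send_gelf_udp(event)   # enable with a reachable Graylog GELF UDP input
```

The chunk header is why GELF over UDP survives large messages where plain syslog over UDP truncates or drops them, but it is still UDP: a single lost chunk discards the whole message on the Graylog side, which is the same "dropped messages" failure mode listed under the syslog cons. Use the TCP GELF input where that matters.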